Security

McAfee: North American Healthcare Sector ‘Worst Hit’ By Malware

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

North America’s health sector saw the most security incidents in a trend that has also seen health organisations disrupted acrosss the UK

North America’s healthcare sector emerged as the worst hit by computer security incidents in the second quarter of 2017, surpassing the public sector, according to researchers, in a trend that has seen hospitals and other health organisations hit by ransomware and other malware on both sides of the Atlantic.

McAfee Labs’ Threats Report for September, published on Tuesday, found the healthcare sector accounted for 26 percent of incidents for the quarter, surpassing the public sector, which was worst hit over the previous six quarters.

Hospitals targeted

The trend began in the first quarter of 2016 when a number of hospitals around the world were hit by ransomware attacks, which lock systems’ files and demand payment to decode them.

In May of this year the WannaCry ransomware attack disrupted NHS services, as well as causing widespread damage in more than 100 countries.

wannacry
The WannaCry malware caused disruption in May

While those incidents didn’t involve the exposure of patient records, McAfee noted that other occasions did result in data breaches.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess,” stated Mcafee Labs vice president Vincent Weafer.

In Europe and Asia the public sector continued to lead in publicly disclosed security incidents for the quarter, followed in Europe by entertainment, health, finance and technology. In Asia financial services were second, followed by technology firms.

Do passwords have a future in cybersecurity?

View Results

Loading ... Loading ...

Facebook attacks

Facebook emerged as a significant attack target during the quarter, with the Faceliker Trojan accounting for up to 8.9 percent of the period’s 52 million new malware samples, McAfee said. The Trojan infects a users’ browser when a malicious or compromised website is visited, after which it hijacks the user’s ‘likes’ and promotes social media content without their knowledge.

The surge in Faceliker helped drive a broader jump in new malware samples, which rose 67 percent over the previous quarter. Ransomware continued to increase sharply, rising by 54 percent.

Mobile malware also grew significantly by 61 percent over the past four quarters, with infections worldwide rising by 8 percent in the second quarter. Asia, where the use of third-party app stores is well established, led the regions with an 18 percent rise.

Petya ransomware
A computer locked by the NotPetya malware

The growth of Mac malware slowed, hwoever, with malware targeting the macOS platform growing by only 27,000 samples during the quarter, a 4 percent rise. The platform had previously been hit by a glut of adware, McAfee said.

Rise of ‘pseudo-ransomware’

The firm, which was previously part of Intel Security but was spun out into a separate company in April, said it agreed with other researchers that this year’s disruptive WannaCry and NotPetya malware attacks weren’t quite what they seemed.

While both malware strains posed as ransomware, McAfee noted that neither had effective means for receiving funds and then decoding users’ encrypted data. That’s in sharp contrast to the majority of ransomware, which a report last year found to have well-developed and responsive customer service programmes.

Both WannaCry and NotPetya also spread in an unusual way, using a Windows exploit called EternalBlue that was allegedly developed by the NSA and was publicly leaked in April. The exploit allowed both to spread much more rapidly and to cause more damage than typical ransomware strains.

Such facts indicate the malware strains shouldn’t be considered unsuccessful money-making tools, McAfee said, since their real aim appeared to be causing disruption.

“If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money,” stated McAfee chief scientist Raj Samani. “Welcome to the world of pseudo-ransomware.”

Do you know all about security in 2017? Try our quiz!